[ISN] Hacker snitches for FBI, escapes 60 year prison term

From: mea culpa (jerichoat_private)
Date: Mon Sep 07 1998 - 21:22:38 PDT

  • Next message: mea culpa: "[ISN] RISKS-FORUM Digest Review"

    [Moderator: oops! This was one of the articles that got lost in the mixup
     last week. I should have taken the hint when a dozen people mailed it to
     me in the last week. :)]
    
    Would you hire a hacker?
    By Joseph C. Panettieri
    August 12, 1998
    Sm@rt Reseller
    
    Some of the world's largest corporations hired Justin Petersen. So did the
    FBI. In fact, in law-enforcement circles, he's known as Agent Steal, and
    he's got a long list of technical skills and references that would make
    most resellers drool.
    
    Consider his most recent tour of duty, which includes developing intranets
    and extranets for Cosmic Media, a Los Angeles-based Internet consulting
    firm that has deployed secure electronic commerce sites for Digital Media
    and other fledgling businesses. He has also launched his own 1,000
    square-foot computer center, which features two server rooms, a control
    room and an earthquake resistant design. 
    
    Now, for the twist: Petersen, 37, is also a reformed hacker. Earlier this
    decade he served time for breaking into several corporate networks, making
    bomb threats and stealing money from a bank electronically. [His run from
    justice.] "I imagine if I walked into a place and tried to get a regular
    job, my record would be an issue," concedes Petersen, speaking from the
    Los Angeles apartment he has called home since his release from prison
    last year. "But I've known a couple of guys from Cosmic Media for a long
    time, and I have other friends in the industry-including a Webmaster over
    at CNET.  Friends who are aware of my convictions support me and hire me. 
    
    "Hacking was a phase I went through," continues Petersen. "I learned what
    I wanted to learn, and I got it out of my system. That phase of my life is
    over." 
    
    FBI informant
    
    As if Petersen's story wasn't outrageous enough, portions of his digital
    crime spree actually were committed while he was working undercover for
    the FBI, according to court documents obtained by Sm@rt Reseller. He also
    has crossed paths with notorious Internet hacker Kevin Mitnick. 
    
    Reformed hacker Justin Petersen is working side-by-side with Web
    consultants and resellers. Would you hire him? Add your comments to the
    bottom of this page. 
    
    The FBI and the U.S. Department of Justice took Petersen's offenses quite
    seriously. When Petersen pleaded guilty to several computer-related crimes
    on March 27, 1995, the DOJ promptly issued a tersely worded press release
    stating that he faced a "maximum sentence of 60 years in prison and $2
    million in fines." 
    
    Today, that very same press release begs two troubling questions: How did
    Petersen emerge from prison so quickly? And can he be trusted to work with
    computers, the Internet and channel players? 
    
    To be sure, hackers increasingly are turning over new leafs as resellers
    and security consultants. Says John Klein, president of Rent-A-Hacker
    (www.rent-a-hacker.com), "I've seen my customers hire hackers. Sometimes
    an 18-year-old kid who lives on the Internet has more experience than a 30
    year old with a Master's [Degree] in computer science." 
    
    Still, hiring a young cyberpunk who knocked over a few Web sites is one
    thing. But recruiting the likes of Agent Steal is in another class. Says
    Art Brieva, chief technology officer at The PC Authority, a Plainview,
    N.Y.-based reseller: "There are hackers who mess around with systems for
    the pure challenge of it, and then there are hackers who have malicious
    intent.  I would tend to steer clear of the latter." 
    
    Quite a childhood
    
    Petersen says he started wiretapping phone systems and hacking computers
    when he was only 12. In his early years, he simply explored computer
    systems rather than damage them. For more than a decade, he read about
    technology and honed his hacking skills before breaking into TRW Inc.'s
    credit system in 1989. Later that year, he and fellow cyberpunk Kevin
    Poulsen rigged Pacific Bell's telecom network and seized a radio station's
    phone lines to win a $10,000 call-in contest. 
    
    "Poulsen taught me a great deal about hacking," allows Petersen. "But I
    was mostly self-taught. I bought lots of books and always read a lot about
    computers." 
    
    Petersen, working with Poulsen, found a security hole in a Pacific Bell
    test and maintenance system that made the radio station hack possible.
    Petersen claims the duo could latch onto any phone line within Pacific
    Bell's network, monitor it, ring it, dial out, and so on. Far from
    complicated, the hack required a single PC and two phone lines (one for
    control via computer and one to monitor). "Pacific Bell thought the system
    was secure, but they shut it down after they discovered the weakness we
    exploited," Petersen says. 
    
    After parting ways with Poulsen, Petersen fled to Texas in 1991 and was
    arrested after being caught driving a stolen Porsche. A search of
    Petersen's apartment by police uncovered more than a dozen fraudulent
    credit cards, modems and a computer. Police suspected Petersen was using
    the PC to illegally access TRW's credit system to obtain credit cards
    under several aliases, according to court documents. 
    
    Rather than face full prosecution, Petersen's legal troubles took a
    dramatic turn for the better in September 1991. According to court
    documents, a Secret Service agent visited Petersen in a Texas jail several
    times and they struck a stunning deal: In return for pleading guilty to
    various computer-related crimes, Petersen agreed to work undercover for
    the FBI. He was released and placed under the FBI's supervision in
    California.  Petersen's legal case also was transferred to California, and
    his sentencing was delayed until his work for the FBI was completed,
    according to the court documents. 
    
    Hunting hackers
    
    The nature of Petersen's service for the FBI remains unclear at best. 
    Neither the FBI nor the Secret Service is willing to comment about
    Petersen's case. For his part, Petersen claims the FBI rented him a
    furnished apartment and gave him a salary, two computers, two modems and
    phone lines to gather information about alleged hackers who may pose a
    threat to the government. 
    
    In particular, Petersen and several attorneys close to his case say he
    helped the FBI amass evidence against former buddy Poulsen, as well as
    Mitnick and Lewis DePayne. 
    
    Poulsen is now free after serving time for rigging the 1989 radio contest
    and facing a much more serious charge of international espionage. Mitnick
    and DePayne await a Jan. 19, 1999, trial date for an alleged Internet
    crime spree that Miramax, a major Hollywood movie studio, is transforming
    into a motion picture. 
    
    As for Petersen, his work for the FBI continued until Oct. 22, 1993. On
    that day, government officials met with Petersen and asked him if he had
    committed additional computer-related crimes while working for the FBI. 
    According to court documents, Petersen panicked and fled the meeting. Like
    Mitnick at the time, he was now a fugitive. 
    
    Petersen remained at large for more than a year. He surfaced again on Aug. 
    17, 1994, when he hacked Heller Financial Inc., a commercial financial
    service provider in Glendale, Calif. Once inside Heller's network,
    Petersen identified a line between two network switches that was
    accidentally left unencrypted. Petersen used the weak link, which has
    since been corrected, to transfer $150,000 from Heller's electronic vaults
    to an account at Union Bank in Bellflower, Calif. Petersen made two bomb
    threats to Heller in an effort to distract employees so they would not
    notice the transfer of funds, according to court documents. 
    
    This is only a test
    
    Petersen considered the first transfer a "test," and planned to return for
    more cash a few weeks after the first transaction. But the FBI was
    searching for him, and he was tracked down and arrested three weeks after
    hacking Heller's network. In early 1995 he pleaded guilty to committing
    computer wire fraud while a fugitive and didn't emerge from prison until
    April, 1997. 
    
    Petersen's time behind bars fell far short of the potential 60-year
    sentence he faced. Some lawyers, including Mitnick's attorney, Donald
    Randolph, consider Petersen's short sentence rather curious. Others are
    surprised that Petersen is free to work with computers and the Internet.
    By contrast, Mitnick is only allowed to use a non-networked PC when
    researching documents related to his criminal case. Petersen faces no such
    restrictions. 
    
    Says alleged hacker DePayne, the co-defendant in Mitnick's case: "Petersen
    hacked for profit then cooperated with the government. Poulsen didn't
    cooperate with the Feds. I'd say that's why Justin [Petersen], rather than
    Kevin [Poulsen], can now work with computers without any limitations." 
    Asst. U.S. Attorney David Schindler says Petersen is subject to a
    "supervised release" and must "get approval" from a parole officer before
    accepting high-technology jobs or any other work that may tempt fate. 
    
    Still, one question remains: How did Petersen circumvent the possible
    60-year prison sentence mentioned in the 1995 DOJ press release? "That's a
    question I'd love the government to answer," says attorney Richard
    Sherman, who has defended Mitnick and currently represents DePayne. 
    Schindler says Petersen got time off for good behavior, and adds that the
    DOJ's press release was a bit misleading. 
    
    Enjoying freedom
    
    Petersen has certainly made the most of his early release. In recent
    months, he has devoured technical manuals, and quickly gotten up to speed
    on numerous technologies that gained popularity during his prison stay,
    including Windows 95, Windows NT, Java and Internet development tools.  "I
    haven't been in any trouble since my release," he says (and attorney
    Schindler confirms). "I'm concentrating on Web development and my NT
    skills, and hope to launch an adult Web site down the road." 
    
    Petersen, by all accounts, is no longer using his hacker skills, but he
    certainly doesn't hide his past. His personal Web site features legal
    documents from his court case, interviews published in hacker
    publications, as well as a few booby traps that could send some Web users
    running for cover. (Because of the latter issue, Sm@rt Reseller has
    elected not to publish Petersen's URL.) Until very recently, the Web site
    manipulated a visitor's computer by launching nefarious Java applets. And
    his current e-mail address pokes fun at one of his former victims, Pacific
    Bell. 
    
    It's unclear how long Petersen will continue working side-by-side with
    channel players. Aside from launching his adult Web site, Petersen also is
    promoting Los Angeles night clubs. But despite such demands on his time,
    he's willing to continue lending local Web consultants a hand if the price
    is right. 
    
    And there are certainly resellers interested in the likes of Petersen.
    "Hackers are the best consultants out there," says Kevin Johnson, owner of
    security consultancy and reseller Johnson & Associates. "I've got a guy
    working for me who was a hacker, and he's very good at what he does."
    Even one of Petersen's staunchest critics, attorney Sherman, defends
    Petersen's right to work within the computer industry. Quips Sherman: "I
    don't think anyone's right to use a computer should be taken away. But if
    Justin hacks me, I'll kill him."
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:03:26 PDT